Abstract
Cloud Computing has many advantages like flexibility and reduced costs of IT infrastructure. Privacy issues, however, remain a major drawback. A client outsourcing its data loses control over it. In this paper, we present MimoSecco, a novel technique for secure database out- sourcing. We provide a security notion, a formal security proof. Furthermore, we identify side channels that apply to many secure database outsourcing schemes.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Achenbach, D., Gabel, M., Huber, M.: Mimosecco: A middleware for secure cloud storage. In: D.D. Frey, S. Fukuda, G. Rock (eds.) Improving Complex Systems Today, Advanced Concurrent Engineering, pp. 175–181. Springer London (2011). DOI 10.1007/978-0-85729-799-020. URL http://dx.doi.org/10.1007/978-0-85729-799-0_20
Aggarwal, G., Bawa, M., Ganesan, P., Garcia-Molina, H., Kenthapadi, K., Motwani, R., Srivastava, U., Thomas, D., Xu, Y.: Two can keep a secret: A distributed architecture for secure database services. In: The Second Biennial Conference on Innovative Data Systems Research (CIDR 2005) (2005). URL http://ilpubs.stanford.edu:8090/659/
Chor, B., Kushilevitz, E., Goldreich, O., Sudan, M.: Private information retrieval. J. ACM 45(6), 965–981 (1998). DOI 10.1145/293347.293350. URL http://doi.acm.org/10.1145/293347.293350
Damiani, E., Vimercati, S.D.C., Jajodia, S., Paraboschi, S., Samarati, P.: Balancing confidentiality and efficiency in untrusted relational DBMSs (2003). DOI http://doi.acm.org/10.1145/948109.948124
Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the 41st annual ACM symposium on Theory of computing, STOC ’09, pp. 169–178. ACM, New York, NY, USA (2009). DOI 10.1145/1536414.1536440. URL http://doi.acm.org/10.1145/1536414.1536440
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Proceedings of the nineteenth annual ACM symposium on Theory of computing, pp. 218–229. ACM, New York, NY, USA (1987)
Hacigümüs, H., Iyer, B., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: Proceedings of the 2002 ACM SIGMOD international conference on Management of data, pp. 216–227. ACM (2002)
Hacigümüs, H., Iyer, B., Mehrotra, S.: Providing database as a service. In: ICDE ’02: Proceedings of the 18th International Conference on Data Engineering, p. 29. IEEE Computer Society, Washington, DC, USA (2002)
Hore, B., Mehrotra, S., Tsudik, G.: A privacy-preserving index for range queries. In: VLDB ’04: Proceedings of the Thirtieth international conference on Very large data bases, pp. 720–731. VLDB Endowment (2004)
Huber, M., Gabel, M., Schulze, M., Bieber, A.: Cumulus4j: A provably secure database abstraction layer. In: A. Cuzzocrea, C. Kittl, D.E. Simos, E. Weippl, L. Xu, A. Cuzzocrea, 48 Matthias Huber and Gunnar Hartung C. Kittl, D.E. Simos, E. Weippl, L. Xu (eds.) CD-ARES Workshops, Lecture Notes in Computer Science, vol. 8128, pp. 180–193. Springer (2013)
Kantarcioglu, M., Clifton, C.: Security issues in querying encrypted data. Tech. rep. (2004)
Katz, J., Lindell, Y.: Introduction to Modern Cryptography (Chapman & Hall/Crc Cryptography and Network Security Series). Chapman & Hall/CRC (2007)
Kifer, D., Machanavajjhala, A.: No free lunch in data privacy. In: Proceedings of the 2011 ACM SIGMOD International Conference on Management of data, SIGMOD ’11, pp. 193–204. ACM, New York, NY, USA (2011). DOI 10.1145/1989323.1989345. URL http://doi.acm.org/10.1145/1989323.1989345
Nergiz, A.E., Clifton, C.: Query processing in private data outsourcing using anonymization. In: Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy, DBSec’11, pp. 138–153. Springer-Verlag, Berlin, Heidelberg (2011). URL http://dl.acm.org/citation.cfm?id=2029896.2029914
Popa, R.A., Redfield, C., Zeldovich, N., Balakrishnan, H.: CryptDB: Protecting Confidentiality with Encrypted Query Processing. In: Symposium on Operating Systems Principles (SOSP). Cascais, Portugal (2011)
Soodejani, A.T., Hadavi, M.A., Jalili, R.: k-anonymity-based horizontal fragmentation to preserve privacy in data outsourcing. In: DBSec, Lecture Notes in Computer Science, vol. 7371, pp. 263–273. Springer (2012). URL http://dblp.uni-trier.de/db/conf/dbsec/dbsec2012.html#SoodejaniHJ12
De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Fragments and loose associations: respecting privacy in data publishing. Proc. VLDB Endow. 3(1-2), 1370–1381 (2010). URL http://dl.acm.org/citation.cfm?id=1920841.1921009
Xiao, X., Tao, Y.: Anatomy: simple and effective privacy preservation. In: Proceedings of the 32nd international conference on Very large data bases, VLDB ’06, pp. 139–150. VLDB Endowment (2006). URL http://dl.acm.org/citation.cfm?id=1182635.1164141
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Huber, M., Hartung, G. (2014). Side Channels in Secure Database Outsourcing on the Example of the MimoSecco Scheme. In: Krcmar, H., Reussner, R., Rumpe, B. (eds) Trusted Cloud Computing. Springer, Cham. https://doi.org/10.1007/978-3-319-12718-7_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-12718-7_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-12717-0
Online ISBN: 978-3-319-12718-7
eBook Packages: Computer ScienceComputer Science (R0)